Thanks for the replies, guys.
The advice to lock down the ports makes good sense. The client swore they
didn't want it locked down, but we've finally convinced him otherwise. So,
we went into the router (via console) and removed the "ip nat inside source
static..." line altogether, which (correct me if I'm wrong) should have
allowed me to telnet into the router via Internet. However, I still could
not telnet into the router, receiving "% Connection refused by remote host"
error.
Perhaps the newer IOS (I'm not sure what's in here, since I can't telnet
into it) has to implicitly allow telnet logins?
Perhaps anyone can lend a suggestion?
Thanks!
Ken.
Chris Roberts wrote:
> On Wed, Oct 03, 2001 at 01:31:04PM -0400, Ken Reiss wrote:
> [ ... ]
> > ip nat translation timeout 1800
> > ip nat inside source list 1 interface Dialer1 overload
> > ip nat inside source static 172.17.253.2 209.101.148.208
> >
>
> This command will redirect all ports including telnet unfortunately. You
> could either redirect just the ports you want, or you might be able to
> do something icky like set up a static NAT mapping for port 23 to the
> routers internal IP, or even a loopback IP preferably.
>
> Cheers,
> Chris.
>
> >
> > Thank you very much,
> > Ken Reiss.
> >
>
> Cheers,
> Chris.
> --
> |=========----- -------=======|
> | Chris Roberts (croberts@bongle.co.uk) |
> |=======------- -----=========|
--************************* Kenneth A. Reiss Port One Internet, Inc. 160 Chapel Road Manchester, CT 06040 860-722-3000 860-533-0033 Fax: 533-7225 *************************
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:50 EDT